fix(security): 2 improvements across 2 files#6196
- Security: Unsafe eval() in ChainContextBase._resolve_fstring
- Security: Missing input validation in PromptTemplateBase.fill() allows format string injection
Signed-off-by: tomaioo <203048277+tomaioo@users.noreply.github.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 02743b53c2
| template = string.Template(self.template) | ||
| try: | ||
| return template.substitute(safe_vars) |
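Review bot: the call "template.substitute(safe_vars)" on the last line of this hunk only recognises $name and ${name} placeholders, so an existing brace-style template such as "Please find {number} items." comes back with {number} untouched and no error is raised for it. If brace syntax must keep working, the fix that closes the format-string issue without changing syntax is to parse the template's fields, accept only plain identifier names (no attribute or index access, no conversion or format spec) and resolve them by mapping lookup, rather than switching engines. Separately, substitute raises KeyError for a missing variable and ValueError for a malformed "$" sequence; the except clause for the "try:" shown here is outside the visible lines, so confirm it handles both rather than KeyError alone.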
Keep brace-style formatting in prompt template fill
Switching fill() to string.Template.substitute changes placeholder syntax from {name} to $name, but this codebase (for example pkgs/swarmauri_standard/tests/unit/prompt_templates/PromptTemplate_unit_test.py lines 25-26) and existing callers use brace-style templates. With the new implementation, templates like "Please find {number} items." are returned with {number} still present (and missing-variable errors for brace placeholders are no longer raised), so prompt rendering silently stops working for current templates.
Summary
fix(security): 2 improvements across 2 files
Problem
Severity: Critical | File: pkgs/base/swarmauri_base/chains/ChainContextBase.py:L28

The _resolve_fstring method in ChainContextBase uses Python's eval() to resolve expressions within f-string templates. This is a critical security vulnerability as it allows arbitrary code execution if an attacker can control the template string or the context data. The eval() is called with empty globals but has access to self.context as locals, which could still be exploited for code injection.

Solution
Replace eval() with a safe expression parser such as ast.literal_eval() for simple expressions, or implement a restricted template engine using string.Template, Jinja2 with sandboxing, or a custom parser that only allows whitelisted operations. Never use eval() on untrusted input.

Changes
pkgs/base/swarmauri_base/chains/ChainContextBase.py (modified)
pkgs/base/swarmauri_base/prompt_templates/PromptTemplateBase.py (modified)
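The two points raised on this PR (the eval()-based _resolve_fstring described in the Problem section, and the Codex comment that switching fill() to string.Template breaks brace-style templates) can be addressed by one resolver that keeps {name} syntax but never evaluates template text. The block below is an added illustration written for this discussion; it is not swarmauri code, the original _resolve_fstring is reconstructed from the description rather than copied, and every function and class name in it is an assumption. Placeholders are parsed with string.Formatter().parse, restricted to dotted public identifiers, and resolved by mapping or attribute lookup, so calls, indexing, conversions, format specs and underscore-prefixed names are rejected and missing variables raise instead of being silently left in place.

```python
"""Safe placeholder resolution without eval() or str.format() on untrusted
templates. Added example for this PR discussion; it is not swarmauri code,
and the function/class names below are assumptions."""
import re
import string
from collections.abc import Mapping
from typing import Any, Optional

# Placeholder grammar: a dotted path of plain identifiers, e.g. "user.name".
# Calls, operators, indexing, conversions and format specs are all refused.
_IDENT = r"[A-Za-z_][A-Za-z0-9_]*"
_PATH_RE = re.compile(rf"^{_IDENT}(?:\.{_IDENT})*$")


class UnsafeExpression(ValueError):
    """A placeholder that is not a plain, non-private dotted name."""


def resolve_fstring_unsafe(template: str, context: Mapping[str, Any]) -> str:
    """The pattern the PR removes (reconstructed from the description, not the
    project's code): each {expr} is handed to eval() with the context as
    locals, so whatever expression the template author writes is executed."""
    return re.sub(r"\{([^{}]+)\}",
                  lambda m: str(eval(m.group(1), {}, dict(context))), template)


def _check_field(field: Optional[str], spec: Optional[str],
                 conv: Optional[str]) -> str:
    """Validate one parsed placeholder; raise UnsafeExpression unless it is
    a dotted path of public identifiers with no spec or conversion."""
    if not field:
        raise UnsafeExpression("empty or auto-numbered fields are not allowed")
    if spec or conv:
        raise UnsafeExpression(f"format spec or conversion not allowed in {{{field}}}")
    if not _PATH_RE.match(field):
        raise UnsafeExpression(f"placeholder {field!r} is not a plain dotted name")
    for seg in field.split("."):
        if seg.startswith("_"):  # blocks private/dunder attribute traversal
            raise UnsafeExpression(f"private name {seg!r} is not allowed")
    return field


def resolve_path(path: str, context: Mapping[str, Any]) -> Any:
    """Walk an already-validated 'a.b.c' path through mappings or attributes.
    Raises KeyError for a missing name instead of leaving the text as-is."""
    head, *rest = path.split(".")
    if head not in context:
        raise KeyError(head)
    value = context[head]
    for seg in rest:
        if isinstance(value, Mapping):
            if seg not in value:
                raise KeyError(seg)
            value = value[seg]
        elif hasattr(value, seg):
            value = getattr(value, seg)
        else:
            raise KeyError(seg)
    return value


def resolve_fstring(template: str, context: Mapping[str, Any]) -> str:
    """Brace-style rendering that keeps {name} syntax (the Codex concern)
    but never calls eval() or str.format() on the template."""
    out = []
    # Formatter.parse yields (literal_text, field_name, format_spec, conversion)
    for literal, field, spec, conv in string.Formatter().parse(template):
        out.append(literal)
        if field is None:          # trailing literal chunk, no placeholder
            continue
        out.append(str(resolve_path(_check_field(field, spec, conv), context)))
    return "".join(out)


def is_safe_template(template: str) -> bool:
    """True when braces balance and every placeholder passes _check_field."""
    try:
        for _literal, field, spec, conv in string.Formatter().parse(template):
            if field is not None:
                _check_field(field, spec, conv)
    except ValueError:             # covers UnsafeExpression and unbalanced braces
        return False
    return True


if __name__ == "__main__":
    ctx = {"number": 3, "user": {"name": "Ann"}}  # constructed sample context
    print(resolve_fstring("Please find {number} items for {user.name}.", ctx))
    for bad in ("{len(items)}", "{user._secret}", "{number!r}", "{items[0]}"):
        print(bad, "->", "rejected" if not is_safe_template(bad) else "accepted")
```

is_safe_template is the check a fill() method can run on a template before rendering, so a template that arrives from an untrusted source is refused up front rather than failing part-way through; resolve_fstring does the same validation inline for templates the code already trusts enough to render.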